svn commit: r1762751 - in /jackrabbit/oak/trunk/oak-auth-external/src: main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/basic/ test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/basic/

dj Thu, 29 Sep 2016 02:35:16 -0700

Author: dj
Date: Thu Sep 29 09:34:17 2016
New Revision: 1762751

URL: http://svn.apache.org/viewvc?rev=1762751&view=rev
Log:
OAK-4845 : Regression: DefaultSyncContext does not sync membership to a local 
group


Modified:
    
jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/basic/DefaultSyncContext.java
    
jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/basic/package-info.java
    
jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/basic/DefaultSyncContextTest.java

Modified: 
jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/basic/DefaultSyncContext.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/basic/DefaultSyncContext.java?rev=1762751&r1=1762750&r2=1762751&view=diff
==============================================================================
--- 
jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/basic/DefaultSyncContext.java
 (original)
+++ 
jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/basic/DefaultSyncContext.java
 Thu Sep 29 09:34:17 2016
@@ -533,7 +533,8 @@ public class DefaultSyncContext implemen
             if (a == null) {
                 grp = createGroup(extGroup);
                 log.debug("- created new group");
-            } else if (a.isGroup() && isSameIDP(a)) {
+            } else if (a.isGroup() && (getIdentityRef(a) == null || 
isSameIDP(a))) {
+                // limit to same IDP or local (no IDP ref) groups, see OAK-4845
                 grp = (Group) a;
             } else {
                 log.warn("Existing authorizable '{}' is not a group from this 
IDP '{}'.", extGroup.getId(), idp.getName());

Modified: 
jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/basic/package-info.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/basic/package-info.java?rev=1762751&r1=1762750&r2=1762751&view=diff
==============================================================================
--- 
jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/basic/package-info.java
 (original)
+++ 
jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/basic/package-info.java
 Thu Sep 29 09:34:17 2016
@@ -14,7 +14,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-@Version("1.2.0")
+@Version("1.2.1")
 @Export
 package org.apache.jackrabbit.oak.spi.security.authentication.external.basic;
 

Modified: 
jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/basic/DefaultSyncContextTest.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/basic/DefaultSyncContextTest.java?rev=1762751&r1=1762750&r2=1762751&view=diff
==============================================================================
--- 
jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/basic/DefaultSyncContextTest.java
 (original)
+++ 
jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/basic/DefaultSyncContextTest.java
 Thu Sep 29 09:34:17 2016
@@ -64,6 +64,7 @@ import static org.junit.Assert.assertNot
 import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertSame;
 import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
 
 public class DefaultSyncContextTest extends AbstractExternalAuthTest {
 
@@ -539,11 +540,13 @@ public class DefaultSyncContextTest exte
         // 1. membership nesting is < 0 => membership not synchronized
         syncConfig.user().setMembershipNestingDepth(-1);
         syncCtx.sync(user.getID()).getStatus();
+        root.commit();
         assertTrue(gr.isDeclaredMember(user));
 
         // 2. membership nesting is > 0 => membership gets synchronized
         syncConfig.user().setMembershipNestingDepth(1);
         assertEquals(SyncResult.Status.UPDATE, 
syncCtx.sync(user.getID()).getStatus());
+        root.commit();
 
         assertFalse(gr.isDeclaredMember(user));
     }
@@ -568,6 +571,7 @@ public class DefaultSyncContextTest exte
         syncConfig.user().setMembershipNestingDepth(1);
 
         assertEquals(SyncResult.Status.UPDATE, 
syncCtx.sync(user.getID()).getStatus());
+        root.commit();
 
         // since the group is not associated with the test-IDP the 
group-membership
         // must NOT be modified during the sync.
@@ -614,8 +618,7 @@ public class DefaultSyncContextTest exte
         setExternalID(gr, "foreignIDP");  // but don't set rep:lastSynced :-)
         root.commit();
 
-        SyncResult result = syncCtx.sync(externalUser);
-        assertSame(SyncResult.Status.ADD, result.getStatus());
+        sync(externalUser);
 
         User user = userManager.getAuthorizable(externalUser.getId(), 
User.class);
         assertNotNull(user);
@@ -636,6 +639,37 @@ public class DefaultSyncContextTest exte
         }
     }
 
+    /**
+     * @see <a 
href="https://issues.apache.org/jira/browse/OAK-4845";>OAK-4845</a>
+     */
+    @Test
+    public void testMembershipForExistingLocalGroup() throws Exception {
+        
syncConfig.user().setMembershipNestingDepth(1).setMembershipExpirationTime(-1).setExpirationTime(-1);
+        syncConfig.group().setExpirationTime(-1);
+
+        ExternalUser externalUser = idp.getUser(USER_ID);
+        ExternalIdentityRef groupRef = 
externalUser.getDeclaredGroups().iterator().next();
+
+        // create the group locally (has no rep:externalId)
+        Group gr = userManager.createGroup(groupRef.getId());
+        root.commit();
+
+        sync(externalUser);
+
+        User user = userManager.getAuthorizable(externalUser.getId(), 
User.class);
+        assertNotNull(user);
+
+        // verify membership gets added
+        assertTrue(gr.isDeclaredMember(user));
+        Iterator<Group> declared = user.declaredMemberOf();
+        while (declared.hasNext()) {
+            if (gr.getID().equals(declared.next().getID())) {
+                return;
+            }
+        }
+        fail();
+    }
+
     @Test
     public void testGetAuthorizableUser() throws Exception {
         ExternalIdentity extUser = idp.listUsers().next();

svn commit: r1762751 - in /jackrabbit/oak/trunk/oak-auth-external/src: main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/basic/ test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/basic/

Reply via email to